Researchers reported that, “The malware installed the evasive and persistent Adload adware in the most recent campaign, but UpdateAgent’s ability to gain access to a device can theoretically be further leveraged to fetch other, potentially more dangerous payloads.

In October, we discovered and analysed a sophisticated Mac trojan, which revealed a year-long evolution of a malware family and exemplifies the increasing complexity of threats across platforms. The trojan, known as UpdateAgent, began as a relatively simple information-stealer but was recently observed distributing secondary payloads.”

The malware is said to spread through drive-by downloads or advertisement pop-ups disguised as legitimate software, such as video applications and support agents. Over the same period, its authors have made steady improvements that have turned UpdateAgent into a more persistent piece of malware.

Among the most significant advancements is the ability to use the existing permissions of the logged-in user to perform malicious activity in the background and to bypass macOS Gatekeeper, the security feature that ensures only notarized or developer-signed applications downloaded from the internet are allowed to run. Gatekeeper only evaluates files that carry the com.apple.quarantine extended attribute, which the downloading application (browser, mail client) sets on the file; a payload that strips that attribute before launching is never checked. Defenders triaging a suspicious download can confirm whether the attribute is still present with xattr -l <file> on the host.

Furthermore, UpdateAgent has been found to use public cloud infrastructure, specifically Amazon S3 and CloudFront, to host its second-stage payloads, which include adware, as .DMG or .ZIP files. Because those services also carry large amounts of legitimate traffic, blocking them wholesale is rarely practical; detection is better anchored on the file hashes listed below and on the behaviour of the downloaded package after it is opened.

Finally, the researchers concluded that, “Once installed, the Adload malware intercepts and reroutes users’ internet traffic through the attacker’s servers to insert ads into web pages and search engine results, increasing the chances of multiple infections on the devices. UpdateAgent is distinguished by its gradual upgrading of persistence techniques, a key feature indicating that this trojan will most likely continue to use more sophisticated techniques in future campaigns.”

Indicators Of Compromise

Files (SHA-256)

  • 1966d64e9a324428dec7b41aca852034cbe615be1179ccb256cf54a3e3e242ee
  • ef23a1870d84e164a4234074251205190a5dfda9f465c8eee6c7e0d6878c2b05
  • 519339e67b1d421d51a0f096e80a57083892bac8bb16c7e4db360bb0fda3cb11
  • cc2f246dda46b17e9302242879788aa114ee64327c8de43ef2b9ab56e8fb57b2
  • 5c1704367332a659f6e10d55d08a3e0ab1bd26aa97654365dc82575356c80502
  • c60e210f73d5335f57f367bd7e166ff4c17f1073fd331370eb63342ab1c82238
  • f01dec606db8f66489660615c777113f9b1180a09db2f5d19fb5bca7ba3c28c7
  • 4f1399e81571a1fa1dc822b468453122f89ac323e489f57487f6b174940e9c2e
  • 9863bc1917af1622fdeebb3bcde3f7bebabcb6ef13eae7b571c8a8784d708d57
  • a1fba0bb0f52f25267c38257545834a70b82dbc98863aee01865a2661f814723
  • 81cfa53222fa473d91e2a7d3a9591470480d17535d49d91a1d4a7836ec943d3a
  • 78b4478cd3f91c42333561abb9b09730a88154084947182b2ec969995b25ad78
  • 91824c6a36ef60881b4f502102b0c068c8a3acd4bceb86eb4ffd1043f7990763
  • 86b45b861a8f0855c97cc38d2be341cc76b4bc1854c0b42bdca573b39da026ac
  • 84ff961552abd742cc2393dde20b7b3b7b2cfb0019c80a02ac24de6d5fcc0db4
  • 0ee6c8fd43c03e8dc7ea081dfa428f22209ed658f4ae358b867de02030cfc69b
  • 443b6173ddfbcc3f19d69f60a1e5d72d68d28b7323fe2953d051b32b4171aa9a
  • 409f1b4aeb598d701f6f0ed3b49378422c860871536425f7835ed671ba4dd908
  • 77f084b5fc81c9c885a9b1683a12224642072f884df9e235b78941a1ad69b80d
  • cbabbbb270350d07444984aa0ce1bb47078370603229a3f03a431d6b7a815820
  • 053fbb833ac1287d21ae96b91d9f5a9cfdd553bc41f9929521d4043e91e96a98
  • 29e3d46867caddde8bb429ca578dd04e5d7112dd730cd69448e5fb54017a2e30
  • 356d429187716b9d5562fe6eee35ea60b252f1845724b0a7b740fbddec73350f
  • a98ecd8f482617670aaa7a5fd892caac2cfd7c3d2abb8e5c93d74c344fc5879c
  • c94760fe237da5786464ec250eadf6f7f687a3e7d1a47e0407811a586c6cb0fc
  • eb71d15308bfcc00f1b80bedbe1c73f1d9e96fd55c86cf420f1f4147f1604f67
  • 0c08992841d5a97e617e72ade0c992f8e8f0abc9265bdca6e09e4a3cb7cb4754
  • 738822e109f1b14413ee4af8d3d5b2219293ea1a387790f207d937ca11590a14
  • 0d9f861fe4910af8299ac3cb109646677049fa9f3188f52065a47e268438b107
  • a586ef06ab8dd6ad1df77b940028becd336a5764caf097103333975a637c51fa
  • 73a465170feed88048dbc0519fbd880aca6809659e011a5a171afd31fa05dc0b
  • d5c808926000bacb67ad2ccc4958b2896ea562f27c0e4fc4d592c5550e39a741
  • 7067e6a69a8f5fdbabfb00d03320cfc2f3584a83304cbeeca7e8edc3d57bbbd4
  • 939cebc99a50989ffbdbb2a6727b914fc9b2382589b4075a9fd3857e99a8c92a
  • c5017798275f054ae96c69f5dd0b378924c6504a70c399279bbf7f33d990d45b
  • 57d46205a5a1a5d6818ecd470b61a44aba0d935f256265f5a26d3ce791038fb4
  • e8d4be891c518898dd3ccdff4809895ed21558d90d415cee868bebdab2da7397
  • 9f1989a04936cd8de9f5f4cb1f5f573c1871b63737b42d18ac4fa337b089cbdc
  • b55c806367946a70d619f25e836b6883a36c9ad22d694a173866b57dfe8b29c9
  • e46b09b270552c7de1311a8b24e3fcc32c8db220c03ca0d8db05e08c76e536f1
  • f9842e31ed16fe0173875c38a41ed3a766041350b4efcd09da62718557ca3033
  • bad5dc1dd6ff19f9fb1af853a8989c1b0fdfeaa4c588443607de03fccf0e21c9

For more cyber security news in crisp content, please follow our site via the Twitter handle @cyberworkx1 and on LinkedIn.
